Transparent Deployment

This deployment involves configuring the firewall or router to route all port 80 and port 443 traffic to the Web Appliance. In this mode, web traffic filtering is transparent to users. Unlike Explicit Deployment, you are not required to configure end user browsers.

  • Inspects HTTP and HTTPS traffic.
  • Only the firewall and/or the router requires configuration.
  • If it fails, only the firewall and/or the router must be reconfigured.

Operation

  • Users make HTTP/HTTPS requests from their clients that are sent out to the LAN.
  • The router receives all network traffic and bounces all HTTP/HTTPS requests to the Web Appliance .
  • The Web Appliance assesses URLs, blocks disallowed requests, checks if allowed URL requests are currently cached, and passes URL requests that are not cached out to the LAN.
  • The router passes all HTTP/HTTPS requests from the Web Appliance out through the firewall to retrieve the URLs from the internet .
  • The Web Appliance receives the new pages or files and caches them; it passes the pages or files of allowed requests back to the users .
  • The users receive only safe and allowed pages and files or a notification page.

Configuration

  1. Connect the Web Appliance's LAN port to your organization's LAN.
  2. In the Web Appliance's administrative web interface, on the Configuration > Network > Network Interface page, set the Deployment mode to Transparent.
  3. Configure your router so that it redirects all port 80 traffic to port 80 and port 443 traffic to port 443 on the Web Appliance. In this case, the destination of each packet remains unaltered, but the packets are sent by the router to the Web Appliance.
    Traffic on port 80 and 443 from the Web Appliance should be passed to the firewall. All other port traffic is passed as usual.
Note
With Active Directory enabled in Transparent mode, a Windows issue causes Internet Explorer to be repeatedly prompted for authentication. When deploying in Transparent mode, all workstations must be able to resolve the hostname of the Web Appliance into a FQDN (for instance http://ws1000 must resolve to http://ws1000.example.com). For more information, please see http://support.microsoft.com/kb/303650. Firefox users may need to type their password repeatedly unless browser settings are reconfigured.